I'm afraid currently there's no SaaS version, may be we could work on to have something in the future.
REgards,
Bruce,
ADAudit Plus Team
↧
Re : SaaS
↧
Re : Cloud
I'm afraid currently there's no Azure component of ADAudit Plus, may be we could work on to have something in the future.
Regards,
Bruce,
ADAudit Plus Team
↧
↧
Re : Agent
I'd say, data can communicate through HTTPS channel for ADAudit Plus. We might need to enable SSL connection in the web portal. It uses RPC/WMI calls to query the events from security log source.
Regards,
Bruce,
ADAudit Plus Team
↧
Failed change/delete requests?
Hi there,
i am looking for a Report which tells me when and whom tried to delete an Computer Account even when it failed...
The Logging on the Domain Controller is configured properly but i cant find this in adaudit.
Anyone an idea?
Kind regards
↧
Alert: File Modified Warning - reporting wrong information
We have a profile based alert that notifies our team when more than 200 files are modified at one time. Lately we've been getting the notification with the wrong User identified in the message. Such as:
Message: User 'wrong user name' Created file/folder '\\servername03\mainfile\facilities\telephone\pay phones'.
Modified by: wrong user name
The "wrong user name" is actually my name - but I did not access the folder. Why would this be reporting my name instead of the user that actually accessed/modified the file?
Thank You
↧
↧
Re : Alert: File Modified Warning - reporting wrong information
Can you post your rule/alert setup?
↧
Re : Failed change/delete requests?
We can track this activity through 'Recently deleted computers' report located under Computer management category in Reports tab. This requires us to ensure the necessary auditing is enabled on DCs.
Regards,
Bruce
ADAudit Plus Team
↧
Domain different UPN
HI,
Our domain is different than the logins "UPN" .
In the reports it is impossible to select another UPN as the main domain.
Do you have a solution ?
Thanks you
David Martin
↧
The problem with the home page. Alerts.
Hello. I have a strange problem in the new interface.
I installed the trial version of the program
Product Version 5.0.0
Build No 5000
I did the audit of two local domain.
The user administrator on the home page, on the right side, an error warning in two domains.
However, if you logged in as a different user, local or domain user with administrator privileges. Messages will not be displayed.
If you switch to the old interface messages will be displayed.
I have no idea how to solve this problem. You can offer a solution?
↧
↧
Stale machine report
Hi,
I need to run a report of machines that have not been logged onto or on the network (either works) in the past XX days. I don't see an obvious report (new to AD Audit) can someone let me know how to accomplish this? Thanks.
↧
Re : Alert: File Modified Warning - reporting wrong information
First of all, It was an event logged which reveals that a file/folder was created and not modified. It could be due to interactive approach or by an application/script configured with your credentials. We can further interpret the details on a remote session if you could just send an email to support
Regards,
Bruce
ADAudit Plus Team
↧
Re : Domain different UPN
We wouldn't be able to add/alter the fields in ADAudit Plus reports as the information is being parsed from security event log of configured DCs. Having said that, If you are trying to monitor user logon activity on a different domain, you could add another domain under 'Domain settings' and choose the later to find information on activities of the same.
Regards,
Bruce
ADAudit Plus Team
↧
Re : Stale machine report
ADAudit Plus doesn't have the report to retrieve inactive or stale users/computers and as it is intended for tracking changes only. We have another tool called ADManager Plus which has the report for inactive users/computers.
Regards,
Bruce
ADAudit Plus Team
↧
↧
Re : The problem with the home page. Alerts.
This could be a browser issue. Please do a hard refresh (ctrl+shift+R) or restart the service once. Also I'd suggest to try accessing the console from a different computer/browser.
If the issue persists, please upload the log files following the steps given below,
1. Stop ADAudit Plus
2. Go to <Install-dir>\ADAudit Plus\logs
3. Compress the folder and upload the .zip file through below link,
4. Please add a description of the issue.
Regards,
Bruce
ADAudit Plus Team
↧
File Integrity Monitoring not collecting data on DCs
I followed the instructions to setup file integrity reports on the domain controllers in the environment. I also manually added the audit permissions to one of the DC's Windows folders, to see if making modifications there causes any logs to populate, no luck so far.
Does the fact that the 'Object Access policy and audit permissions(SACLs) need to be configured to audit the configured servers.' error pops up every time I open the reports mean that it isn't actually configured correctly? Is there an easier way to start troubleshooting, the guide I found within ADAudit itself didn't lead me towards anything helpful.
Thanks
↧
Re : File Integrity Monitoring not collecting data on DCs
The message is not an error that pops up regarding SACL configuration. It is to notify clients about manual configuration of required audit settings. Please try below,
1. Login to the corresponding server
2. Open command prompt (Run as Administrator)
3. Execute the below command and share the result
auditpol /get /category:"Object Access"
4. We would need to have the following subcategories enabled
Audit File System
Audit Handle Manipulation
5. If they are set to audit success and failure events, Please verify the SACLs on the system folders that are being monitored. Please refer below link,
Hope it helps.
Regards,
Bruce
ADAudit Plus Team
↧
Re : The problem with the home page. Alerts.
the problem is solved by upgrading to build 5010 the problem is solved
↧
↧
Re : File Integrity Monitoring not collecting data on DCs
Hey Bruce, thanks for the reply. Here's the results of the queries on my DCs:
![]()
![]()
I've looked at that page, but ran into a couple of concerns. First the page states that ADAudit should handle these settings for me, manually having to make these changes on all of our DCs would both take a lot of time, and also be concerning that the steps may be missed as more DCs are brought online in our environment. "By default ADAudit Plus will automatically set required audit entries and SACLs as and when Servers and required 'Folders' are configured in the product." Regardless, I still went through and manually changed the security settings on one of the DCs to allow auditing of "everyone" on the Windows folder.System audit policyCategory/Subcategory SettingObject AccessFile System Success and FailureRegistry No AuditingKernel Object No AuditingSAM No AuditingCertification Services No AuditingApplication Generated No AuditingHandle Manipulation Success and FailureFile Share SuccessFiltering Platform Packet Drop No AuditingFiltering Platform Connection No AuditingOther Object Access Events SuccessDetailed File Share No Auditing
This enabled new "File System" (4663, 4656, 4658, etc) security events on that server, but even after that manual process, nothing is showing up in the ADAudit interface. (And again, having to manually set that on every server wouldn't be ideal, and doesn't match what I read in the guide).
An attempt was made to access an object.Subject:Security ID: ----------Account Name: --------Account Domain: ----------Logon ID: -------Object:Object Server: SecurityObject Type: FileObject Name: C:\Windows\ak - fim - test 1 - Copy.txtHandle ID: 0xa7cProcess Information:Process ID: 0xe00Process Name: C:\Windows\explorer.exeAccess Request Information:Accesses: DELETEAccess Mask: 0x10000
This monitoring is a big part of why we purchased the tool, and it's becoming a very time sensitive issue. Any help would be greatly appreciated.
Cheers
Andy
↧
Issue with exports
When exporting to csv ADAudit appears to add additional content to the reports.
![]()
Why exporting to say Excel, lines 1-5 are fine but when exporting to csv (raw if you will), I don't need this extra data.
If this is not possible, is there a way of accessing the database so I can drag the raw data myself without the additional lines?
Stephen Fowles
3rd Line Support Technician
North West Ambulance Service - NHS Trust
Why exporting to say Excel, lines 1-5 are fine but when exporting to csv (raw if you will), I don't need this extra data.
If this is not possible, is there a way of accessing the database so I can drag the raw data myself without the additional lines?
Stephen Fowles
3rd Line Support Technician
North West Ambulance Service - NHS Trust
↧
Re : Issue with exports
Stephen,
I'm afraid we wouldn't be able to alter the export behavior with respect to CSV format. We'd raise this to our development team and get it handled.
Regards,
Bruce
ADAudit Plus Team
↧